FAQ
Edit report at http://pear.php.net/bugs/bug.php?id=16405&edit=1

ID: 16405
Updated by: holger.schletz@web.de
Reported By: holger dot schletz at web dot de
Summary: Compatibility issues with escaped strings
-Status: Open
+Status: Closed
Type: Bug
Package: MDB2_Driver_pgsql
Package Version: 1.5.0b2
PHP Version: Irrelevant
-Assigned To:
+Assigned To: hschletz
Roadmap Versions:
New Comment:

-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: hschletz



Previous Comments:
------------------------------------------------------------------------

[2009-07-05 17:32:22] hschletz

The following patch has been added/updated:

Patch Name: enforce_escapes_in_normal_quotes
Revision: 1246811541
URL:
http://pear.php.net/bugs/patch-display.php?bug=16405&patch=enforce_escapes_in_normal_quotes&revision=1246811541&display=1

------------------------------------------------------------------------

[2009-07-05 17:31:01] hschletz

Description:
------------
PostgreSQL 8.2 introduced a new behavior regarding escape sequences in
string literals. A special quoting method (E'...', introduced in 8.1)
should be used instead of normal quotes. Starting with 8.2, the behavior
of normal quotes is controlled by the new "standard_conforming_strings"
setting. It currently (as of 8.4) defaults to "off" (which may change
with future releases), keeping the old behavior of interpreting escape
sequences, and a warning is logged (controlled by the
"escape_string_warning" setting). When set to "on", escape sequences are
ignored: '\n' would literally become a backslash and the letter 'n'
instead of a newline character.

See
http://www.postgresql.org/docs/8.4/interactive/sql-syntax-lexical.html#SQL-SYNTAX-CONSTANTS
for more information.

MDB2's quote() method (and also execute(), which makes use of quote())
does not take this into account. Now we are at the mercy of the
standard_conforming_strings setting, which may be controlled by the
server's default, the server administrator and the application itself.

Making quote() return escape-style quotes (which also work if the
string does not contain escape sequences) would be easy, but this would
not solve all problems:

- Strings that are not quoted using quote() would not be affected.
Recommended or not, we can't prevent applications from doing things like
this:
$result = $db->query ("SELECT foo FROM bar where foo='a\\\\b'");
- The string_quoting['start'] property should be set to "E'" which
would break _skipDelimitedStrings() if the query contains a placeholder
within normal quotes (which would habe been introduced manually, like in
the example above). This problem could be worked around, but in an ugly
fashion...
- Applications that use the result of quote() beyond its purpose and do
some funny stuff with it (like stripping the quotes) might break.

For best compatibility, I think it's better to set
standard_conforming_strings to "off" (and to disable the warning) for
servers >= 8.2. The attached patch does this upon connection. The
application might change this setting afterwards, but that must be done
explicitly by someone who probably knows what he's doing.

------------------------------------------------------------------------

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppear-bugs @
categoriesphp
postedAug 2, '09 at 8:44a
activeAug 2, '09 at 8:44a
posts1
users1
websitepear.php.net

1 user in discussion

Holger Schletz: 1 post

People

Translate

site design / logo © 2021 Grokbase